Banks and other companies subject to the CFPB’s jurisdiction face the possibility that the CFPB could begin using its authority under Sections 1031 and 1036 of the Dodd-Frank Act (which proscribe unfair, deceptive or abusive acts or practices) to regulate cybersecurity policies and procedures. For companies also subject to the FTC’s jurisdiction, however, the threat of FTC regulation of their cybersecurity policies and procedures is significantly more imminent in view of a recent decision of the U.S. Court of Appeals for the Third Circuit.
In FTC v. Wyndham Worldwide Corporation, a case of first impression, the Third Circuit ruled that the FTC can regulate cybersecurity policies and procedures as “unfair” acts or practices under Section 5 of the FTC Act. For a discussion of the decision, see our legal alert.
On September 10, 2015, Ballard Spahr attorneys will hold a webinar, “FTC as the de Facto Privacy Regulator: 10 Things You Need To Know” from 12:00-1:00 p.m. ET. The registration form is available here.